Security update for Linux Kernel Live Patch 11 for SLE 12 SP1
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2017:1290-1
Final
1
1
2017-05-15T16:00:19Z
current
2017-05-15T16:00:19Z
2017-05-15T16:00:19Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for Linux Kernel Live Patch 11 for SLE 12 SP1
This update for the Linux Kernel 3.12.67-60_64_24 fixes several issues.
The following security bugs were fixed:
- CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bsc#1031660).
- CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bsc#1031440, bsc#1031481).
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
SUSE-SLE-Live-Patching-12-2017-775
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2017/suse-su-20171290-1/
Link for SUSE-SU-2017:1290-1
https://lists.suse.com/pipermail/sle-security-updates/2017-May/002872.html
E-Mail link for SUSE-SU-2017:1290-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1030575
SUSE Bug 1030575
https://bugzilla.suse.com/1031440
SUSE Bug 1031440
https://bugzilla.suse.com/1031481
SUSE Bug 1031481
https://bugzilla.suse.com/1031660
SUSE Bug 1031660
https://www.suse.com/security/cve/CVE-2017-7294/
SUSE CVE CVE-2017-7294 page
https://www.suse.com/security/cve/CVE-2017-7308/
SUSE CVE CVE-2017-7308 page
SUSE Linux Enterprise Live Patching 12
kgraft-patch-3_12_67-60_64_24-default-5-2.1
kgraft-patch-3_12_67-60_64_24-xen-5-2.1
kgraft-patch-3_12_67-60_64_24-default-5-2.1 as a component of SUSE Linux Enterprise Live Patching 12
kgraft-patch-3_12_67-60_64_24-xen-5-2.1 as a component of SUSE Linux Enterprise Live Patching 12
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device.
CVE-2017-7294
SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_67-60_64_24-default-5-2.1
SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_67-60_64_24-xen-5-2.1
moderate
6
AV:L/AC:M/Au:S/C:N/I:C/A:C
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2017/suse-su-20171290-1/
https://www.suse.com/security/cve/CVE-2017-7294.html
CVE-2017-7294
https://bugzilla.suse.com/1027179
SUSE Bug 1027179
https://bugzilla.suse.com/1031440
SUSE Bug 1031440
https://bugzilla.suse.com/1031481
SUSE Bug 1031481
https://bugzilla.suse.com/1115893
SUSE Bug 1115893
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.
CVE-2017-7308
SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_67-60_64_24-default-5-2.1
SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_67-60_64_24-xen-5-2.1
moderate
6.6
AV:L/AC:M/Au:S/C:C/I:C/A:C
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2017/suse-su-20171290-1/
https://www.suse.com/security/cve/CVE-2017-7308.html
CVE-2017-7308
https://bugzilla.suse.com/1027179
SUSE Bug 1027179
https://bugzilla.suse.com/1031579
SUSE Bug 1031579
https://bugzilla.suse.com/1031660
SUSE Bug 1031660
https://bugzilla.suse.com/1115893
SUSE Bug 1115893